<?php
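//ZONE USER
// Request handlers for any account whose access level is not 0.
// NOTE(review): no handler in this block checks an anti-CSRF token, and the
// refresh handler is triggered by a plain GET request; confirm the including
// page covers this before these handlers run.
if($user->access != 0){

	// Film list update: ?update=ok asks Server to refresh the server given in ?server=.
	if (isset($_GET['update']) and $_GET['update']=="ok"){
		Server::refresh_server($_GET['server']);
	}

	// Ping: print the result of the server check and stop the script.
	// NOTE(review): $_GET['ping'] is forwarded unvalidated and the result is printed
	// without escaping; confirm check_serv_up() restricts what it will contact and
	// returns a value that is safe to echo.
	if (isset($_GET['ping']) and $_GET['ping']!="" ){
		print Server::check_serv_up($_GET['ping']);
		exit();
	}

	// Download: look the film up with Download::get_id() for this login,
	// hand the result to Download::send_id(), then stop.
	if (isset($_GET['film']) and $_GET['film']!="" and isset($_GET['idserver']) ){
		$array = Download::get_id($_GET['idserver'],$user->login,$_GET['film']);
		Download::send_id($array);
		exit();
	}

	// Favorites as text: ?dl_txt=1 sends the header for the selected favorites and stops.
	// isset() comes first because this key is absent on ordinary page loads.
	if (isset($_GET['dl_txt']) and $_GET['dl_txt']=='1'){
		Download::generate_favorite_header($_POST['favorite_box']);
		exit;
	}

	// Remove the selected favorites for the logged-in user.
	// dl_txt=1 never reaches this point (the handler above exits), so it is not re-tested.
	if (isset($_POST['action']) and $_POST['action'] == "remove_favorite" and isset($_POST['favorite_box'])){
		Fav::remove_favorite_array($_POST['favorite_box'],$user->login);
	}

	// Password change: both new entries must be non-empty and identical.
	if (isset($_POST['old_passwd']) and isset($_POST['new_passwd1']) and isset($_POST['new_passwd2'])){
		// Strict comparison: with == two different numeric-looking strings
		// (for example "000000" and "0000000") would count as the same password.
		if(($_POST['new_passwd1'] !== "") and ($_POST['new_passwd1'] === $_POST['new_passwd2']) ){
			if (strlen($_POST['new_passwd1']) > 5 AND $user->set_new_password($_POST['old_passwd'],$_POST['new_passwd1'])){
				$info = "New password OK";
			}else{
				// NOTE(review): this branch is also taken when set_new_password() returns
				// false, so the "too short" message is shown for that failure as well.
				$user->message->addError("To short Password !!");
			}
		}else{
			$user->message->addError("Different password");
		}
	}

	// Add a message, then close the popup and reload the opener on the message page.
	if (isset($_POST['envoi']) and $_POST['envoi']== 'add' AND isset($_POST['message'])){
	    if ($_POST['message'] != NULL){
	        PostMessage::addMessage($_POST['message']);
	        ?>
	        <script type="text/javascript">
	        window.close()
	        window.opener.document.location.href="./index.php?page=message";
			</script>
	        <?php
	        exit();
	    }else{
	    	$user->message->addError("Empty message");
	    }
	}
}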
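//Zone ADMIN
// Administration handlers, run only when the access level is 2.
// NOTE(review): no handler in this block checks an anti-CSRF token; confirm the
// including page verifies one before these state-changing requests are processed.
// NOTE(review): the mysql_* extension used here was removed in PHP 7. The queries
// should move to prepared statements (mysqli or PDO) together with the connection
// code, which is not part of this file.
if ($user->access == 2){

	// Add a server: name and pin are mandatory.
	if (isset($_POST['hidden']) and $_POST['hidden']=='add_server'){
		if (isset($_POST['server_name']) and isset($_POST['server_pin']) and $_POST['server_name']!= "" and $_POST['server_pin']!=""){
			Server::add_server($_POST['server_name'],$_POST['server_address'],$_POST['server_pin']);
		}
		else{
			$user->message->addError("Name or pin missing");
		}
	}

	// Remove the selected server(s).
	if (isset($_POST['hidden']) and $_POST['hidden']=='server_remove'){
		Server::remove_server($_POST['server_box']);
	}

	// Add a user: login and password are mandatory.
	if (isset($_POST['hidden']) and $_POST['hidden']=='add_user'){
		if (isset($_POST['user_login']) and isset($_POST['user_password']) and $_POST['user_password']!= "" and $_POST['user_login']!=""){
			User::add_user($_POST['user_login'],$_POST['user_password'],$_POST['user_access'],$_POST['user_email']);
		}
		else{
			$user->message->addError("Name or Password missing");
		}
	}

	// Remove the selected user(s).
	if (isset($_POST['hidden']) and $_POST['hidden']=='user_remove'){
		User::remove_user($_POST['user_box']);
	}

	// Modify a server: rename it, change its address, optionally change its pin.
	// $_GET['idmodifserver'] only gates the handler; the row edited is $_POST['mid'].
	if(isset($_GET['idmodifserver']) and $_GET['idmodifserver']!= ""){
		if (isset($_POST['mname']) and $_POST['mname'] != "" and isset($_POST['mid'])){
			// The id is placed unquoted in the queries below, where string escaping
			// gives no protection against injection: force it to an integer instead.
			$id = (int) $_POST['mid'];
			$serv_name=mysql_real_escape_string(htmlspecialchars($_POST['mname']));
			$serv_address=mysql_real_escape_string(htmlspecialchars(isset($_POST['maddress']) ? $_POST['maddress'] : ""));

			// Read the current name; it stays null when the id matches no row.
			$old_name = null;
			$sql_query=mysql_query("Select name from ".DATABASE_TABLE_SERVER." WHERE id = ".$id);
			if ($sql_query){
				while ($query = mysql_fetch_array($sql_query) ){
					$old_name = $query['name'];
				}
			}

			if ($old_name === null){
				// Without this guard the file-table update below would run with an
				// empty old name and rewrite rows that belong to no server.
				$user->message->addError("Unknown server");
			}else{
				// Compare against the stored form of the name (HTML-encoded, not SQL-escaped).
				if($old_name != htmlspecialchars($_POST['mname'])){
					$sql_query = mysql_query("UPDATE ".DATABASE_TABLE_SERVER." SET name = '".$serv_name."' WHERE id = ".$id." LIMIT 1");
					// The old name comes back from the database and may contain quotes,
					// so it is escaped like any other value before being reused in SQL.
					$sql_query = mysql_query("UPDATE ".DATABASE_TABLE_FILE." SET server = '".$serv_name."' WHERE server = '".mysql_real_escape_string($old_name)."'");
				}
				$sql_query = mysql_query("UPDATE ".DATABASE_TABLE_SERVER." SET address = '".$serv_address."' WHERE id = ".$id." LIMIT 1");

				// Optional pin change: both entries must be identical strings.
				if(isset($_POST['mpasswd1']) and is_string($_POST['mpasswd1']) and $_POST['mpasswd1']!="" and isset($_POST['mpasswd2'])){
					if ($_POST['mpasswd1']===$_POST['mpasswd2']){
						// The pin was previously concatenated into the query unescaped.
						// NOTE(review): the pin is stored as sent, without hashing; confirm
						// that this matches how the rest of the application reads it.
						$newpasswd = mysql_real_escape_string($_POST['mpasswd1']);
						$sql_query = mysql_query("UPDATE ".DATABASE_TABLE_SERVER." SET pin = '".$newpasswd."' WHERE id = ".$id." LIMIT 1");
					}else{
						$user->message->addError("different password");
					}
				}
			}
		}
	}

	// Modify a user: login, access level, email, optionally the password.
	// $_GET['idmodifuser'] only gates the handler; the row edited is $_POST['mid'].
	if (isset($_GET['idmodifuser']) and $_GET['idmodifuser']!= ""){
		if (isset($_POST['mpseudo']) and $_POST['mpseudo'] != "" and isset($_POST['mid'])){
			// Accept only the three access levels as exact strings. The former
			// "<= 2 and >= 0" test also let a missing or non-numeric value through.
			if (isset($_POST['maccesslevel']) and in_array($_POST['maccesslevel'], array('0', '1', '2'), true)){
				// Unquoted in the WHERE clauses below, hence the integer cast.
				$id = (int) $_POST['mid'];
				$login=mysql_real_escape_string(htmlspecialchars($_POST['mpseudo']));
				$email=mysql_real_escape_string(htmlspecialchars(isset($_POST['memail']) ? $_POST['memail'] : ""));
				$level=(int) $_POST['maccesslevel'];
				$sql_query = mysql_query("UPDATE ".DATABASE_TABLE_USER."
											SET login = '$login',access = '$level',email='$email'
											WHERE id = $id");

				// Optional password change: both entries must be identical strings.
				if(isset($_POST['mpasswd1']) and is_string($_POST['mpasswd1']) and $_POST['mpasswd1']!="" and isset($_POST['mpasswd2'])){
					if ($_POST['mpasswd1']===$_POST['mpasswd2']){
						$newpasswd = $_POST['mpasswd1'];
						// NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
						// because the code that verifies this column is outside this file; a
						// migration (e.g. password_hash()/password_verify()) must change both sides.
						// NOTE(review): die(mysql_error()) prints the raw database error to the browser.
						$sql_query = mysql_query("UPDATE ".DATABASE_TABLE_USER." SET passwd = '".md5($newpasswd)."' WHERE id = ".$id." LIMIT 1")or die(mysql_error());
					}else{
						$user->message->addError("different password");
					}
				}
			}else{
				$user->message->addError("Invalid access");
			}
		}
	}

	// Send an email to each selected login.
	if(isset($_POST['hidden']) and $_POST['hidden']== "email_send"){
		// email_dest must be a list of logins; a scalar value is rejected like any other incomplete form.
		if (isset($_POST['email_dest']) and is_array($_POST['email_dest']) and isset($_POST['email_message']) and $_POST['email_message'] != "" and isset($_POST['email_object']) and $_POST['email_object'] != ""){
			foreach($_POST['email_dest'] as $login){
				if (!is_string($login)){
					continue;
				}
				// The login was previously concatenated into the query unescaped.
				$sql=mysql_query("SELECT id FROM ".DATABASE_TABLE_USER." WHERE login = '".mysql_real_escape_string($login)."' ");
				if (!$sql){
					continue;
				}
				while($query = mysql_fetch_array($sql)){
					// NOTE(review): subject and body are forwarded unmodified; confirm
					// User::send_email() rejects CR/LF in the subject.
					User::send_email($query['id'],$_POST['email_object'],$_POST['email_message']);
				}
			}
		}else{
			$user->message->addError("Incomplet Email");
		}
	}

}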
?>